Constant-Time Callees with Variable-Time Callers. Cesar Pereida Garcı a Billy Bob Brumley Tampere University of Technology Finland

Transcription

1 Constant-Time Callees with Variable-Time Callers Cesar Pereida Garcı a Billy Bob Brumley Tampere University of Technology Finland

2 Outline Enabling Cache-Timing Attacks Motivation Brief History of Cache-Timing Attacks Recipe for Side-Channel Attacks Step 1, 2, 3, 4 and 5 End-to-End Cache-Attack TLS & SSH Crypto libraries Conclusions 2

3 Enabling Cache-Timing Attacks 3

4 Brief History of Cache-Timing Attacks for Public Key Cryptography in OpenSSL 4

5 0.9.7 Cryptosystem DSA RSA ECDSA ECDSA Year RSA OpenSSL Version Cache-Timing Attacks for Public Key Cryptography DSA 10 - Aciicmez et al. (P+P/L1-I) 09 - Brumley & Hakala (P+P/LI-I) 05 - Percival (E+R/L1-D) 14 - Benger et al Aciicmez et al. (SBPA/L1-I) 16 - Pereida García et al. (F+R/LLC/secp256) (F+R/Perf. Deg./LLC) 08 - Aciicmez & Schindler (SBPA/L1-D) 14 - Yarom & Benger (F+R/LLC/Binary Field) 16 - Yarom et al. (Cache-Bank Collision L1) 15 - van de Pol et al. (F+R/LLC) 16 - Allan et al.(f+r/perf. Deg./LLC) 5

6 0.9.7 Cryptosystem DSA RSA ECDSA : RSA EXP BN_FLG_EXP_CONSTTIME BN_mod_exp_mont_consttime Year 12: ECDSA POINT MULT EC_GFp_nistp256_method: Constant-time scalar multiplication (fixed window & masking) Research shifts to secp256k1 (wnaf) OpenSSL Version Relevant Changes Introduced due to Cache-Timing Attacks 07: RSA INV BN_mod_inverse_no_branch BN_div BN_FLG_CONSTTIME 15: ECDSA FAST & MOD INV EC_GFp_nistz256_method BN_mod_exp_mont_consttime + FLT 6

7 Recipe for Side-Channel Attacks on Digital Signatures 7

8 Recipe for a Side-Channel Attack 1) Take an algorithm that uses confidential data. 4) Convert sequences to bits and combine with message and signature. 2) Measure the side-channel leakage. 5) Let it rest in a lattice for some time. 3) Run the leaked data through a signal processing machine. Et voilà, you have a private key. 8

9 Step 1 Take a primitive and an algorithm that uses confidential data 9

10 ECDSA Given: Signing: Note: Nonce k is recoverable if at least 3 bits are leaked for each signature. Constant-Time Scalar by Point Multiplication Modular Inversion? 10

11 Modular Inversion (OpenSSL 1.0.1) 11

12 Binary Extended Euclidean Algorithm Fact Cache-Attack OpenSSL BBEA Number of right-shifts on v BN_rshift1 Number of right-shifts on u Number and order of subtractions on v Number and order of subtractions on u Only one loop per iteration BN_usub U loop is the only loop that can be executed during the first iteration k is protected, i.e. padded with modulus n 12

13 Step 2 Measure the Side-Channel Leakage 13

14 Flush+Reload [1] on the BEEA BN_rshift1 BN_usub [1] Yarom, Yuval, and Katrina Falkner. "FLUSH+ RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack." USENIX

15 Improved Performance Degradation Objective: Identify the addresses with the highest impact Better probing Better degradation 1) Identify the candidate methods and their memory addresses. BN_mod_inverse BN_rshift1 BN_usub BN_uadd BN_rshift 0xE7940 0xE48E0 0xD7B00 0xD7800 0xDDFC0 2) Degrade one memory address at a time. 3) Count cache-misses and CPU cycles using performance counters (perf). 15

16 Setup and Attack Scenario Setup Intel Core i Sandy Bridge 3.10 GHz 8 GB memory Ubuntu LTS Xenial 64-bits OpenSSL 1.0.1u 16

17 Step 3 Apply Signal Processing 17

18 Signal Processing Trace Template & Cross-correlation Apply moving average. Raw Clean Translate to LS sequence LSLLSLSL... 18

19 Step 4 Recover Bits 19

20 Bit Recovery LSLLSLSL SLLLLL

21 Bit Recovery 26 2 Sequences Bits >= 3 Length L=5 21

22 Bit Recovery 22

23 Step 5 Lattice Attack 23

24 Lattice Attack Input parameters to Lattice: Bits recovered Messages Signatures Lattice information: Dimension d + 2 Implemented in Sage BKZ reduction (block size 30) [8] Cabrera Aldaya et al. "SPA vulnerabilities of the binary extended Euclidean algorithm." Journal of Cryptographic Engineering (16):

25 End-to-End Protocol Attack 25

26 End-to-End Protocol Attack 26

27 Cryptographic Libraries Crypto libraries are a prime target for CTA! We offered a patch to the libraries OpenSSL development reached EOL starting January 17. OpenSSL shipped with Ubuntu LTS and 14.04; Debian 7.0 and 8.0; and SUSE. Upgrade to OpenSSL or higher. Otherwise, apply the patch! 27

28 Conclusions Constant-time implementations need to be tested. The BEEA modular inversion enables practical cache-timing attacks. The performance degradation technique improves trace quality. Different key bit recovery approaches are possible. Cache-Timing attacks are increasing in popularity and complexity every year. 28

29 Thank you Questions? 29